Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense 2.0 RC3 tap/bridging mode for "road warrior" setup

    OpenVPN
    3
    4
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nedm
      last edited by

      Are there any workarounds currently to get a tap/bridged setup working?  I'd like "road warrior" clients to be able to be assigned an IP on the target LAN, rather than just one from the tunnel range.

      No matter what I do, the only address I can seem to get assigned to clients who successfully connect is an address in the tunnel range.

      I've set up a DHCP server on the LAN interface with an appropriate IP range, and have tried adding another interface (OPT1) set to the OpenVPN server, then adding a bridge between OPT1 <> LAN and firewall rules to allow all traffic.  I've tried both static and none for addressing OPT1.  None of this seems to work.

      Logs show OpenVPN authorizing & connecting fine, and nothing blocked by the firewall.

      Any suggestions on how to make this work?

      Edit: The only references I see for 2.0 in the forum describe tap/bridging as possible, but "not pretty."  I'm willing to shoot for ugly at this point if anyone has any homely suggestions.  Thanks.

      1 Reply Last reply Reply Quote 0
      • N
        nedm
        last edited by

        After poring over all the bridging/tap entries I could find from betas/earlier RCs, I still can't find any specifics on how to make this work in RC3.  I've added  a line like server-bridge 192.168.0.170 255.255.255.0 192.168.0.171 192.168.0.180 to the extra parameters under the OpenVPN server page, but I get an error in the OpenVPN log that the server can't have both 'server' and 'server-bridge' entries in the config.  Still can't get anything but the tunnel address to assign to the clients when they log in.

        I'm open to modifying the openvpn.inc file or anything else, but could really use some pointers as to how to do this for a "road-warrior" tap/bridging server.

        1 Reply Last reply Reply Quote 0
        • X
          xerovis
          last edited by

          I would also like to know how to get a TAP interface going on OpenVPN so broadcast traffic gets through. We used this extensively in 1.2.3 and we have been able to TUN working in 2.0.

          1 Reply Last reply Reply Quote 0
          • S
            slu
            last edited by

            http://forum.pfsense.org/index.php/topic,36060.0.html
            http://forum.pfsense.org/index.php/topic,36156.0.html

            Edit:
            http://forum.pfsense.org/index.php/topic,38166.0.html

            pfSense Gold subscription

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.